Wednesday, January 09, 2008

Massive SQL-Based Web Attack Decoded

Robert Vamosi writes on the C|Net "D3F3NS3 1N D3PTH" Blog:

On Wednesday, the SANS Internet Storm Center and others published details about the massive SQL-based Web attack that occurred over the weekend. The attack, says SANS, is similar to a smaller SQL-injection attack seen last November. At least 70,000 sites were compromised in a short period of time, leading some to speculate this was an automated attack.

From log files, the attack code appears to exploit a variety of SQL injection vulnerabilities existing on Web sites using Microsoft SQL or Microsoft IIS. On the vulnerable sites, malicious JavaScript is injected into all varchar and text fields in the SQL database such that when a visitor hits the site, their browsers, if vulnerable, are then redirected to another domain--in this case, us8010.com.

More here.
